Azure – Soft-delete will be enabled by default for Azure Key Vault

You may already know Azure Key Vault, the cloud solution provided by Azure to securely store secrets (such as certificates, passwords…).

You may also know that there is a functionality called soft-delete, which lets you recover a deleted secret for up to 90 days after the deletion.

This option is available from the Properties blade of the Key Vault


Well, this functionality will be automatically enabled by the end of the year, making opt-in/opt-out impossible.

If you regularly have to delete existing secrets to create new ones using the same name, this will cause you some trouble, as a secret with the same name will already exist (in the ‘recycle bin’). You will have to update your process to either generate a new name or purge the deleted secret before reusing the same secret name.
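One way to script the "purge before reuse" step with the Azure CLI, as an added example that is not part of the original post. The function names and the `POLL_SECONDS` variable are hypothetical, and the caller is assumed to be logged in with permission to purge secrets.

```shell
#!/usr/bin/env bash
# Added example: reuse a secret name in a vault that has soft-delete enabled.
# Function names and POLL_SECONDS are hypothetical; vault and secret names
# are supplied by the caller.

# Return 0 if a soft-deleted secret with this name is still in the vault.
is_soft_deleted() {
  az keyvault secret show-deleted --vault-name "$1" --name "$2" \
    --output none 2>/dev/null
}

# Purge a soft-deleted secret, then wait until the name is free again.
purge_deleted_secret() {
  local vault="$1" name="$2" tries="${3:-10}"
  is_soft_deleted "$vault" "$name" || return 0    # nothing to purge
  # Fails when purge protection is enabled on the vault or when the caller
  # lacks the purge permission; stop instead of attempting the create.
  az keyvault secret purge --vault-name "$vault" --name "$name" || return 1
  while is_soft_deleted "$vault" "$name"; do
    tries=$((tries - 1))
    [ "$tries" -gt 0 ] || return 2                # name still not released
    sleep "${POLL_SECONDS:-2}"
  done
}

# Create a secret under a name that may have been deleted earlier.
# The value is read from a file so it does not show up in the process list.
recreate_secret() {
  local vault="$1" name="$2" value_file="$3"
  purge_deleted_secret "$vault" "$name" || return $?
  az keyvault secret set --vault-name "$vault" --name "$name" \
    --file "$value_file" --output none
}

# Usage (hypothetical names):
#   recreate_secret my-vault db-password ./db-password.txt
```

If the vault also has purge protection enabled, the purge call is refused and the only option left is to generate a new secret name, as described above.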

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.